Net nie działa, miałam newdot~1


(M Zaba) #1

Witam. Wzorując si na podpowiedziach zawartych w pomocy, usunełam (a przynajmniej tak mi sie wydaje) probelm NewDot~1 - dinstalowałam go i usunełam. oczysciłam kmputer Cleaner`em, Ad-awarem, spy-bootem, a nawet nortonem, pandą..... (oczywiście uprzednio kolejny odinstalując). wyszukało okropnie duzo błedów, luk. oczysciłam komputer ze zbednych programów, a mimo to nadal nie mam internetu i szczerze mówiąc nie bardzo wiem co zaznaczyć, a czego nie. komputer widzi modem, ale nie moze się połaczyć z internetem.

moze na podstawie tego ktoś mi pomoże :slight_smile:

Logfile of HijackThis v1.99.1

Scan saved at 18:28:23, on 2006-06-21

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe

C:\PROGRA~1\TopText\wo.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\twain_32\ScanWiz5\SDII.exe

C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Creative\ShareDLL\MediaDet.exe

C:\PROGRA~1\INCRED~2\bin\IMApp.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\msnet\v9\msnet.EXE

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\Documents and Settings\Konto Administratora\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.media-search.net/nph-search.cgi?track=mssb1&look=sbar1_srchbtn

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.media-search.net/nph-search.cgi?track=mssb1&look=sbar1_srchbtn

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.astercity.net/acc_ssl.pac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\WINDOWS\DOWNLO~1\MINICL~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\WINDOWS\DOWNLO~1\MINICL~1.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Media-Search] "C:\Program Files\msnet\v9\msnet.EXE" /H

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_6dda.dll"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~2\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_6dda.dll"

O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe"

O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\TopText\wo.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe

O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~2\bin\resources\WebMenuImg.htm

O9 - Extra button: Player! - {C377C94E-5A4F-11d3-940D-00001CD3D236} - C:\WINDOWS\System32\shdocvw.dll

O12 - Plugin for .pcg: C:\Program Files\Internet Explorer\Plugins\nppcgplg.dll

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://wilga.acn.pl/wilga/art/tdserver.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab

O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} (Miniclip) - http://www.miniclip.com/toolbar/minicliptoolbar.cab

O16 - DPF: {80B410C0-BADA-11D4-8308-0080C8D7ED4A} - http://gryonline.wp.pl/files/tysiac.cab

O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE} - http://klass.js.pl/pornusy.exe

O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/O2CPlayer_147.cab

O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} - http://advnt01.com/dialer/internazionale_ver15.CAB

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c567.cab?d77783d03d0dd29877970503649e59cfd4c8af7f0a674fecd848165b9620974096fbec58470afeeb130ce9ef163c5925e34ffc609b2bd138bb45195350320dee21478510f7:51bd07fb1b7f6cfe8c482626e79f8d4e

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: License Procedure Messaging (WksPatch) - Unknown owner - C:\WINDOWS\System32\drivers\svchost.exe (file missing)

prosze o "jak najdokładniejsze wytłumaczenie" co i jak mam usunąć ( np te pornusy:( )

z gory dziękuje.


(Gblade) #2

1.Startujesz do trybu awaryjnego

2.Wyłanczasz przywracanie systemu (tylko Me/Xp)

3.Kasujesz wpisy w HijackThis

4.Kasujesz pogrubione pliki/foldery

5.Dajesz nowy log z hjt + log z Silent Runners

Co do neta, użyj lspfix odpal i przenieś biblioteke newedotnet do okienka remove i kliknij finish, lub użyj winsockfix, który naprawi cały łańcuch winsock.


(M Zaba) #3

a o to co otrzymałam:

może to tez się przyda:

Lavasoft Ad-aware Personal Build 6.181

Po zastosowaniu programów do naprawy internetu, niestety nadal go nie ma. komputer nie widzi połączenia:( . W okenku połączenie widać wychodzące, ale brak odebranego. W okienku IP wyskakuja dwa inne numery, a maska jest takak 255.255.0.0 czy to możłiwe, czy nie powinno sie składac z większej liczby? aha i brak bamy domyślnej, tzn nie ma żadnych cyferek oraz brak preferowanych serwerów,a właściwie to pokazuje ze brak jakiegokolwiek. mam net w aster city, moze to coś pomoze, albo czy mam coś gdzies wpisać:slight_smile:

Prosze o sprawdzenie tego zestawu dla mnie 'czarnej magii" i ew. w necie. Dzięki;]


(Mayster X) #4

Log z HijackThis ok ... :wink:

Pobierz program Ewido zrób update i przeskanuj

oraz


(M Zaba) #5

Za bardzo nie mam jak zrobic update, bo jak już napisałam nie mam internetu. Widzi modem, wysyła sygnał, nie ma połączenia. Więc co proponujecie, abym miała net? :shock:


(Mayster X) #6

Jeśli masz możliwośc to wklej loga z Silent Runners

zrobiłaś wszystko co napisał InfinityToJa


(M Zaba) #7

tak, ale ten program tez nie widzi internetu, kilka razy się restartował i bezskutecznie :frowning:

a co do Silent Runners tego czy to nie to:

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

"IncrediMail" = "C:\PROGRA~1\INCRED~2\bin\IncMail.exe /c" ["IncrediMail, Ltd."]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"PCShield" = "regsvr32 /s "C:\WINDOWS\System32\sfg_6dda.dll"" [MS]

"NOMAD Detector" = ""C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe"" ["Creative Technology Ltd."]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]

"ccleaner" = ""C:\Program Files\CCleaner\ccleaner.exe" /AUTO" ["Pi**............itd. jeśli to to, to zamieścilam co mi wyskoczyło;] po skanie.**


(Monczkin) #8

Monika-ka proszę logi i wszelkie komunikatyy umieszczać z znacznikach :evil:


(M Zaba) #9

:? jak sie już nauczę to bezzwłocznię tak zacznę robić..... :oops:


(Bbieniol) #10

Ten log jest urwany - poczekaj na komunikat, że log skończony - dopiero wtedy wklej go na forum :slight_smile:


(M Zaba) #11

podałam 3 pełne logi wyrzej, a-awrar`a, hijacka i tego spy-boota. A ten urwany to tylko przykład. Kmputer teraz smiga jak oszalała - tzn bardzo szybko, natomiast gorzej z tym netem. Chciała odinstalować iexplorera, ale nie mogę, cos go blokuje. Komputer nie widzi moje IP. Czy mógł by ktos mi powiedziec jak usunąć iexplorera? :]


(Bbieniol) #12

Jak rozumiem nadal nie działa? Użyłaś narzędzia WinSockFix? Bo wydaje mi się, że łańcuch jest zerwany

Poczytaj tutaj --> http://forum.dobreprogramy.pl/viewtopic ... 38d0edf319


(M Zaba) #13

Tak uzyłam wszystkich zaleconych programów, nawet po 2-3 razy, a oto ostatnie 2 logi: a internetu ni huhu :frowning:

Logfile of HijackThis v1.99.1 Scan saved at 22:50:11, on 2006-06-23

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Creative\ShareDLL\MediaDet.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\INCRED~2\bin\IMApp.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\WINDOWS\twain_32\ScanWiz5\SDII.exe

C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\Documents and Settings\Konto Administratora\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_6dda.dll"

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [incrediMail] C:\PROGRA~1\INCRED~2\bin\IncMail.exe /c

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_6dda.dll"

O4 - HKCU..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe"

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe

O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~2\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O9 - Extra button: Player! - {C377C94E-5A4F-11d3-940D-00001CD3D236} - C:\WINDOWS\System32\shdocvw.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O12 - Plugin for .pcg: C:\Program Files\Internet Explorer\Plugins\nppcgplg.dll

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://wilga.acn.pl/wilga/art/tdserver.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/Reflex ... Loader.cab

O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - http://www.miniclip.com/toolbar/minicliptoolbar.cab

O16 - DPF: {80B410C0-BADA-11D4-8308-0080C8D7ED4A} - http://gryonline.wp.pl/files/tysiac.cab

O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/O2CPlayer_147.cab

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

" Silent Runners.vbs", revision 46, http://www.silentrunners.org/Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

"IncrediMail" = "C:\PROGRA~1\INCRED~2\bin\IncMail.exe /c" ["IncrediMail, Ltd."]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"PCShield" = "regsvr32 /s "C:\WINDOWS\System32\sfg_6dda.dll"" [MS]

"NOMAD Detector" = ""C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe"" ["Creative Technology Ltd."]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]

"ccleaner" = ""C:\Program Files\CCleaner\ccleaner.exe" /AUTO" ["Piriform Ltd"]

"IDMan" = "C:\Program Files\Internet Download Manager\IDMan.exe /onboot" ["Internet Download Manager Corp., Tonec Inc. "]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]

"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]

"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]

"Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string]

"CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]

"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]

"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Copyright © ahead software gmbh and its licensors"]

"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"MULTIMEDIA KEYBOARD" = "C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" ["Netropa Corp."]

"WheelMouse" = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]

"CamMonitor" = "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [empty string]

"Share-to-Web Namespace Daemon" = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"]

"Disc Detector" = "C:\Program Files\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd."]

"PCShield" = "regsvr32 /s "C:\WINDOWS\System32\sfg_6dda.dll"" [MS]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0055C089-8582-441B-A0BF-17B458C2A3A8}(Default) = "IDM Helper"

-> {HKLM...CLSID} = "IDMIEHlprObj Class"

\InProcServer32(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Internet Download Manager Corp., Tonec Inc."]

{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{C56C4E21-706D-11d0-AFC5-444553540002}" = "My Digital Camera"

-> {HKLM...CLSID} = "My Digital Camera"

\InProcServer32(Default) = "C:\Program Files\Common Files\FotoNation\camview.dll" ["FotoNation Inc."]

"{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Folder przesyłania Share-to-Web"

-> {HKLM...CLSID} = "Folder przesyłania Share-to-Web"

\InProcServer32(Default) = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

"AppInit_DLLs" = (value not set)

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

ewido anti-spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

IMMenuShellExt(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}"

-> {HKLM...CLSID} = "IMMenuShellExt Class"

\InProcServer32(Default) = "C:\Program Files\IncrediMail\bin\IMShExt.dll" ["IncrediMail, Ltd."]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ewido anti-spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Konto Administratora\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ss3dfo.scr" [MS]

Startup items in "Konto Administratora" & "All Users" startup folders:


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]

"Microtek Scanner Finder" -> shortcut to: "C:\WINDOWS\twain_32\ScanWiz5\SDII.exe" [empty string]

"Remote Controller" -> shortcut to: "C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE" ["TelSignal Co., Ltd."]

Enabled Scheduled Tasks:


"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:


Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:

%SystemRoot%\system32\mswsock.dll [MS], 1 - 8

C:\WINDOWS\System32\idmmbc.dll [null data], 9

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{9FF56D85-DB4F-4267-B669-8D05B0BF9A04}(Default) = (no title provided)

-> {HKLM...CLSID} = "Web Offer Bar"

\InProcServer32(Default) = "C:\PROGRA~1\TopText\eapbh.dll" ["CliprexWOInt"]

{F7384C48-97B6-45DF-A2FA-1D7762D32F9C}(Default) = (no title provided)

-> {HKLM...CLSID} = "Web Offer Bar"

\InProcServer32(Default) = "C:\PROGRA~1\TopText\eapbh.dll" ["CliprexWOInt"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{C377C94E-5A4F-11D3-940D-00001CD3D236}\

"ButtonText" = "Player!"

Running Services (Display Name, Service Name, Path {Service DLL}):


Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.exe" ["Creative Technology Ltd"]

ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]

Netropa NHK Server, nhksrv, "C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe" [null data]

NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]

Keyboard Driver Filters:


HKLM\System\CurrentControlSet\Control\Class{4D36E96B-E325-11CE-BFC1-08002BE10318}\

"UpperFilters" = INFECTION WARNING! "msikbd2k" ["Netropa Corporation"]

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzlnt05\Driver = "hpzlnt05.dll" ["HP"]


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 63 seconds, including 5 seconds for message boxes)


(Mayster X) #14

W HijackThis skasuj :

Log ogólnie czysty

Wpis usuń Hijackiem oraz całkowicie zapobiec powstawaniu tego wpisu poprzez:

Panel sterowania --> System --> Zaawansowne --> Uruchamianie i odzyskiwanie

Klikasz Ustawienia i w sekcji Zapisywanie informacji o debugowaniu ustaw opcję na Brak

Start -> Uruchom -> msconfig -> Uruchamianie

Odznacz aplikacje które nie używasz


(Gblade) #15

W dodaj/usuń odinstaluj TopText, później jeśli będzie skasuj folder C:\PROGRA~1\ TopText

Otwórz notatnik i wklej:

Plik>>>zapisz jako>>zmień rozszerzenie z .txt na wszystkie pliki>>>zapisz pod nazwą FIX.REG i uruchom w trybie awaryjnym